Companies and the like possess a large amount of sensitive data that should not be leaked to the outside. For DLP (Data Leak Prevention), the sensitive data is classified based on policy, and access control is performed in compliance with the classification results.
Technology for data classification and access control exists in a variety of forms. One approach is to perform document classification in a plurality of stages by first classifying a group of documents in categories in a first stage, then further classifying into another plurality of categories, by recursively calling a document classifying engine such as “CB Classifier” that classifies a plurality of provided documents into a plurality of categories based on a vector space method, and displaying on a screen the vertical relationship of the categories that are used in each stage in the form of a tree, designating the categories at the ends of the tree, and displaying on a screen a list of the documents that were classified into that category.
Another approach uses an electronic communication system having a user device containing a first Internet protocol stack that operates based on a first Internet protocol (IPv6) and a second Internet protocol stack that operates based on a second Internet protocol (IPv4), a packet wireless system (GPRS) network that transfers Internet packet data based on the second Internet protocol (IPv4), and an interaction unit. The electronic communication system provides a policy control function (PCF) that provides first authorizing information that designates conditions for permitting transfer of Internet packet data between the user device and a communicating partner node based on the first Internet protocol (IPv6), and a service-based policy converter (SBLP-T) that generates second authorizing information from the first authorizing information from the policy control function (PCF) based on the second Internet protocol (IPv4), and allows transfer of Internet packet data through the packet wireless system (GPRS) network based on the second Internet protocol (IPv4); wherein the packet wireless system (GPRS) network receives the second authorizing information based on the second Internet protocol (IPv4), and provides a service base local policy (SBLP) enforcer that receives or transmits Internet packet data to or from the packet wireless system (GPRS) network based on the second Internet protocol (IPv4).
Still another approach extracts and analyzes first data that is a classification standard from data subject to classification and attributes thereof, determines whether the data subject to classification or a predetermined first part that includes the first data belongs to the first classification category, and if the data belongs to the category, applies first access control settings for an action to the data subject to classification or the predetermined first part, and if access control for the action on the data subject to classification or the predetermined first part is on hold, second data that becomes the standard for classification is extracted and analyzed from the data subject to classification or attributes thereof, the second data is determined to belong to the second classification category, and if the data belongs to the second classification category, the second access control set is applied to the first action that is on hold.